ENSILO Breaking Malware

L0rdix, currently available for purchase in underground forums, is aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools and is designed to be a universal "go-to" tool for attackers. Indicators suggest the tool is still under development and we expect to encounter more

On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the Microsoft Windows operating system. It's a general technique to leverage with kernel vulnerabilities and make privilege escalation easier.

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it isn’t as foolproof as you would’ve hoped.

Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code leverages a rather unusual scenario within the Windows OS.